

What Is Claimed Is: 



f^^-A 1- An object management method fibr performing access control for 
a stored object, the method comprising the/steps of: 

defining a retrieval condition for retrieving an object; 
setting an access right in association with the retrieval condition; 

and 

performing access control for aA object matching the retrieval 
condition on the basis of the access rignt. 

2. The object management me/hod according to claim 1, further 
comprising the steps of: 

performing a check, when a Request for access to an object occurs, 
to see whether the object meets the retrieval condition; and 

controlling access to the aacess-requested object on the basis of the 
access right that has been set in association with the retrieval condition. 

3. The object managemei/t method according to claim 1, further 
comprising the steps of: 

setting an identifier for/identifying each object in association with 
the retrieval condition; 

performing a check, When a request for access to an object occurs, 
to see whether the identifier of[ the object has been set in association with 
the retrieval condition; and 

controlling access t6 the access-requested object on the basis of the 
access right that has been set in association with the retrieval condition if a 
result of the check indicates that the identifier of the access-requested object 

with the retrieval condition. 



has been set in associatio 
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4. The object management method according to claim 3, wherein 
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the association between the retrieval condition and the identifier is changed 
according to need when addition, modification, or deletion of the <}Bject 
identified by the identifier is made. 

5. The object management method according to claimy£, further 
comprising the step of: 

performing access control, if the access-requested object matches a 
plurality of retrieval conditions, on the basis of OR of /he matched retrieval 
conditions. 

6. The object management method accor$tfng to claim 2, further 
comprising the step of: 

performing access control, if the access-requested object matches a 
plurality of retrieval conditions, on the bas^s of AND of the matched 
retrieval conditions. 

7. The object management method according to claim 1, wherein 
the object is stored with attribute data, and the retrieval condition aims to 
retrieve the object on the basis of me attribute data. 

8. The object management method according to claim 1, wherein 
the object is stored with attribute data and a method for referring to an entity 
of the object, and the retrie/al condition aims to retrieve the object on the 
basis of the attribute datyand the entity of the object referred to by the 
method. 

9. The objeof management method according to claim 1, wherein 
the access right is £ specification about a user and an access type allowed to 
access the object 

10. An object management system performing access control for an 
object stored/in object storing means, the system comprising: 

access control means for managing both a retrieval condition for 



2 2 



retrieving an object and access right that has been set in association with the 
retrieval condition, thereby controlling access to the object; &nd 

retrieval means for retrieving an object stored in tfye object storing 
means on the basis of the retrieval condition, 

wherein the access control means performs access control for an 
object matching the retrieval condition on the basis of ^retrieval result by 
the retrieval means. 

11. The object management system according to claim 10, wherein 
the retrieval means performs a check, when a reqiiest for access to an object 
occurs, to see whether the object matches the retrieval condition, and the 
access control means controls access to the ac/ess-requested object based on 
the access right that has been set in associat/on with the retrieval condition 
if a retrieval result by the retrieval means indicates that the access-requested 
object matches the retrieval condition. 

12. The object management system according to claim 10, wherein 
the access control means manages an/identifier for identifying each object in 
association with the retrieval condition, and controls, when a request for 
access to an object occurs and if the identifier of the object has been set in 
association with the retrieval condition, access to the access-requested 
object on the basis of the access right that has been set in association with 
the retrieval condition. 

13. The object management system according to claim 12, wherein 
the retrieval means retrieves an object stored in the object storing means 
when addition, modification, or deletion of the object is made, and the 
access control means/changes the association between the retrieval condition 
and th^identifier ip accordance with a retrieval result by the retrieval 
meai 



14. The object management system according to claim/10, wherein 
the access control means performs access control, if an access-requested 
object matches a plurality of retrieval conditions, on the b/sis of OR of the 
matched retrieval conditions. / 

15. The object management system according to claim 10, wherein 
the access control means performs access control, ir an access-requested 
object matches a plurality of retrieval conditions; on the basis of AND of the 
matched retrieval conditions. / 

16. The object management systern according to claim 10, wherein 
the object storing means stores an object with attribute data of the object, 
and the retrieval means retrieves the e>bject on the basis of the attribute data. 

17. The object management system according to claim 10, wherein 
the object storing means stores ^an object with attribute data and a method 
for referring to an entity of t#e object, and the retrieval means retrieves the 
object on the basis of the sutribute data and the entity of the object referred 
to by the method. / 

18. The object management system according to claim 10, wherein 
the access control/means manages the access right as a specification of a 
user and an access type allowed to access the object. 



